cvelistv5 - cve-2016-8802

cve-2016-8802

Vulnerability from cvelistv5

Published

2017-04-02 20:00

Modified

2024-08-06 02:35

Severity ?

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/94538	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94538	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,	Version: Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T02:35:02.208Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
          },
          {
            "name": "94538",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/94538"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,"
            }
          ]
        }
      ],
      "datePublic": "2017-03-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-04-03T09:57:01",
        "orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
        "shortName": "huawei"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
        },
        {
          "name": "94538",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/94538"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8802",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "buffer overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
            },
            {
              "name": "94538",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/94538"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
    "assignerShortName": "huawei",
    "cveId": "CVE-2016-8802",
    "datePublished": "2017-04-02T20:00:00",
    "dateReserved": "2016-10-18T00:00:00",
    "dateUpdated": "2024-08-06T02:35:02.208Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBE3431-EBFA-4C4A-97B1-6384869FD197\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9A01CAB-F734-474E-B2D6-72CC4FAFD316\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F11B551-9147-4DCA-8FEF-0874EEB83984\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C281B511-7A27-4FC6-9427-AE5AD7C302F3\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B7BA85B-9D77-44C2-B91D-5C8FC20B25A1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4B566B18-15AF-4D81-B708-4DF02B974208\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2ED44F95-064A-4E85-A030-B15E88FBEAB4\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"76B53D29-9848-43A1-948B-2F468BFBEDD9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA6E88F3-6B23-4868-8487-0A1172D10DE5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"06C078DB-743F-4E37-A435-8FF79DA908DB\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BE469876-F873-4705-9760-097AE840A818\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.\"}, {\"lang\": \"es\", \"value\": \"El m\\u00f3dulo de procesamiento de pol\\u00edticas de seguridad en Huawei Secospace USG6300 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 permite a atacantes autenticados configurar una pol\\u00edtica de seguridad especifica dentro de los dispositivos, provocando un desbordamiento de b\\u00fafer y bloqueando el sistema.\"}]",
      "id": "CVE-2016-8802",
      "lastModified": "2024-11-21T03:00:07.210",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:C\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-04-02T20:59:01.937",
      "references": "[{\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94538\", \"source\": \"psirt@huawei.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/94538\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "psirt@huawei.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2016-8802\",\"sourceIdentifier\":\"psirt@huawei.com\",\"published\":\"2017-04-02T20:59:01.937\",\"lastModified\":\"2024-11-21T03:00:07.210\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.\"},{\"lang\":\"es\",\"value\":\"El m\u00f3dulo de procesamiento de pol\u00edticas de seguridad en Huawei Secospace USG6300 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 permite a atacantes autenticados configurar una pol\u00edtica de seguridad especifica dentro de los dispositivos, provocando un desbordamiento de b\u00fafer y bloqueando el sistema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:C\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBE3431-EBFA-4C4A-97B1-6384869FD197\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9A01CAB-F734-474E-B2D6-72CC4FAFD316\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F11B551-9147-4DCA-8FEF-0874EEB83984\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C281B511-7A27-4FC6-9427-AE5AD7C302F3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B7BA85B-9D77-44C2-B91D-5C8FC20B25A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4B566B18-15AF-4D81-B708-4DF02B974208\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2ED44F95-064A-4E85-A030-B15E88FBEAB4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76B53D29-9848-43A1-948B-2F468BFBEDD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA6E88F3-6B23-4868-8487-0A1172D10DE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C078DB-743F-4E37-A435-8FF79DA908DB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE469876-F873-4705-9760-097AE840A818\"}]}]}],\"references\":[{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94538\",\"source\":\"psirt@huawei.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/94538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

fkie_cve-2016-8802

Vulnerability from fkie_nvd

Published

2017-04-02 20:59

Modified

2024-11-21 03:00

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
psirt@huawei.com	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	Vendor Advisory
psirt@huawei.com	http://www.securityfocus.com/bid/94538	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/94538	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
huawei	secospace_usg6300_firmware	v500r001c20spc100
huawei	secospace_usg6300_firmware	v500r001c20spc101
huawei	secospace_usg6300_firmware	v500r001c20spc200
huawei	secospace_usg6300	-
huawei	secospace_usg6500_firmware	v500r001c20spc100
huawei	secospace_usg6500_firmware	v500r001c20spc101
huawei	secospace_usg6500_firmware	v500r001c20spc200
huawei	secospace_usg6500	-
huawei	secospace_usg6600_firmware	v500r001c20spc100
huawei	secospace_usg6600_firmware	v500r001c20spc101
huawei	secospace_usg6600_firmware	v500r001c20spc200
huawei	secospace_usg6600	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBE3431-EBFA-4C4A-97B1-6384869FD197",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9A01CAB-F734-474E-B2D6-72CC4FAFD316",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F11B551-9147-4DCA-8FEF-0874EEB83984",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C281B511-7A27-4FC6-9427-AE5AD7C302F3",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7BA85B-9D77-44C2-B91D-5C8FC20B25A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B566B18-15AF-4D81-B708-4DF02B974208",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ED44F95-064A-4E85-A030-B15E88FBEAB4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ED6E342-26E7-45DF-AC3F-EFEBAE3DDDF0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
              "matchCriteriaId": "76B53D29-9848-43A1-948B-2F468BFBEDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA6E88F3-6B23-4868-8487-0A1172D10DE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
              "matchCriteriaId": "06C078DB-743F-4E37-A435-8FF79DA908DB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE469876-F873-4705-9760-097AE840A818",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
    },
    {
      "lang": "es",
      "value": "El m\u00f3dulo de procesamiento de pol\u00edticas de seguridad en Huawei Secospace USG6300 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 con software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 permite a atacantes autenticados configurar una pol\u00edtica de seguridad especifica dentro de los dispositivos, provocando un desbordamiento de b\u00fafer y bloqueando el sistema."
    }
  ],
  "id": "CVE-2016-8802",
  "lastModified": "2024-11-21T03:00:07.210",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-04-02T20:59:01.937",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
    },
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/94538"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2016-8802

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2016-8802

Aliases

CVE-2016-8802

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-8802",
    "description": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",
    "id": "GSD-2016-8802"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-8802"
      ],
      "details": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",
      "id": "GSD-2016-8802",
      "modified": "2023-12-13T01:21:22.336196Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@huawei.com",
        "ID": "CVE-2016-8802",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Secospace USG6300,Secospace USG6500,Secospace USG6600 Secospace USG6300 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6500 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,Secospace USG6600 V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200,"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "buffer overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
            "refsource": "CONFIRM",
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
          },
          {
            "name": "94538",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/94538"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@huawei.com",
          "ID": "CVE-2016-8802"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
            },
            {
              "name": "94538",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/94538"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2017-04-05T19:52Z",
      "publishedDate": "2017-04-02T20:59Z"
    }
  }
}

The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. Huawei Secospace is a terminal security management system. A buffer overflow vulnerability exists in multiple Huawei Secospace products. Because the user does not perform a boundary check on the data copied by the user, the attacker can exploit the vulnerability to restart the affected device, resulting in a denial of service condition and possibly executing arbitrary code. Attackers can exploit this issue to reboot the affected device to cause denial-of-service conditions. Due to the nature of this issue, arbitrary code execution may be possible but this has not been confirmed. Huawei Secospace USG6300 etc. are the firewalls of China Huawei (Huawei). The following products and versions are affected: Huawei Secospace USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6500 USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6600 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0425",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "secospace usg6300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc100"
      },
      {
        "model": "secospace usg6300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc101"
      },
      {
        "model": "secospace usg6300",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc200"
      },
      {
        "model": "secospace usg6500",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc100"
      },
      {
        "model": "secospace usg6500",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc101"
      },
      {
        "model": "secospace usg6500",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc200"
      },
      {
        "model": "secospace usg6600",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc100"
      },
      {
        "model": "secospace usg6600",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc101"
      },
      {
        "model": "secospace usg6600",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "huawei",
        "version": "v500r001c20spc200"
      },
      {
        "model": "secospace usg6300 v500r001c20spc100",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6300 v500r001c20spc101",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6300 v500r001c20spc200",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc100",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc101",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc200",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc100",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc101",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc200",
        "scope": null,
        "trust": 0.9,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6600 v500r001c20spc300",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6500 v500r001c20spc300",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      },
      {
        "model": "secospace usg6300 v500r001c20spc300",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "huawei",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6300_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6300:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6500_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:huawei:secospace_usg6600_firmware:v500r001c20spc200:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:huawei:secospace_usg6600:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "94538"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2016-8802",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": true,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.8,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8802",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2016-11668",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-97622",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2016-8802",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2016-8802",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-11668",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-650",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-97622",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system. Huawei Secospace is a terminal security management system. A buffer overflow vulnerability exists in multiple Huawei Secospace products. Because the user does not perform a boundary check on the data copied by the user, the attacker can exploit the vulnerability to restart the affected device, resulting in a denial of service condition and possibly executing arbitrary code. \nAttackers can exploit this issue to reboot the affected device to cause  denial-of-service conditions. Due to the nature of this issue, arbitrary  code execution may be possible but this has not been confirmed. Huawei Secospace USG6300 etc. are the firewalls of China Huawei (Huawei). The following products and versions are affected: Huawei Secospace USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6500 USG6300 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version; Secospace USG6600 V500R001C20SPC100 Version, V500R001C20SPC101 Version, V500R001C20SPC200 Version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-8802",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "94538",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "id": "VAR-201704-0425",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      }
    ],
    "trust": 1.3652770966666665
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:04:19.766000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "huawei-sa-20161125-01-usg",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
      },
      {
        "title": "Patch for buffer overflow vulnerability in multiple HuaweiSecospace products",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/84654"
      },
      {
        "title": "Multiple Huawei Secospace Repair measures for firewall product buffer overflow vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=66066"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/94538"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-8802"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-8802"
      },
      {
        "trust": 0.3,
        "url": "http://www.huawei.com"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "db": "BID",
        "id": "94538"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "date": "2017-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "date": "2016-11-25T00:00:00",
        "db": "BID",
        "id": "94538"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "date": "2017-04-02T20:59:01.937000",
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "date": "2016-11-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-11668"
      },
      {
        "date": "2017-04-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-97622"
      },
      {
        "date": "2016-12-20T01:02:00",
        "db": "BID",
        "id": "94538"
      },
      {
        "date": "2017-05-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      },
      {
        "date": "2017-04-05T19:52:42.207000",
        "db": "NVD",
        "id": "CVE-2016-8802"
      },
      {
        "date": "2016-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Huawei Secospace USG Buffer overflow vulnerability in product security policy execution module",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008214"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-650"
      }
    ],
    "trust": 0.6
  }
}

ghsa-x3cf-qq49-8942

Vulnerability from github

Published

2022-05-17 02:51

Modified

2022-05-17 02:51

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-8802"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-04-02T20:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The security policy processing module in Huawei Secospace USG6300 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6500 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200; Secospace USG6600 with software V500R001C20SPC100, V500R001C20SPC101, V500R001C20SPC200 allows authenticated attackers to setup a specific security policy into the devices, causing a buffer overflow and crashing the system.",
  "id": "GHSA-x3cf-qq49-8942",
  "modified": "2022-05-17T02:51:29Z",
  "published": "2022-05-17T02:51:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8802"
    },
    {
      "type": "WEB",
      "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161125-01-usg-en"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94538"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2016-8802

Vulnerability from cvelistv5

fkie_cve-2016-8802

Vulnerability from fkie_nvd

gsd-2016-8802

Vulnerability from gsd

var-201704-0425

Vulnerability from variot

ghsa-x3cf-qq49-8942

Vulnerability from github

Tags

Sightings

Nomenclature